Merge "Change security policy so all apps can read /dev/xt_qtaguid."
diff --git a/app.te b/app.te
index 22a393e..b3cd7cc 100644
--- a/app.te
+++ b/app.te
@@ -24,8 +24,6 @@
allow platform_app shell_data_file:lnk_file read;
# Populate /data/app/vmdl*.tmp file created by system server.
allow platform_app apk_tmp_file:file rw_file_perms;
-# Read /dev/xt_qtaguid
-allow platform_app qtaguid_device:chr_file r_file_perms;
# ASEC
allow platform_app asec_apk_file:dir create_dir_perms;
allow platform_app asec_apk_file:file create_file_perms;
@@ -43,8 +41,6 @@
# Write to /cache.
allow media_app cache_file:dir rw_dir_perms;
allow media_app cache_file:file create_file_perms;
-# Read /dev/xt_qtaguid
-allow media_app qtaguid_device:chr_file r_file_perms;
# Apps signed with the shared key.
type shared_app, domain;
@@ -69,8 +65,6 @@
bluetooth_domain(release_app)
# Read logs.
allow release_app log_device:chr_file read;
-# Read /dev/xt_qtaguid
-allow release_app qtaguid_device:chr_file r_file_perms;
# Services with isolatedProcess=true in their manifest.
# In order for isolated_apps to interact with apps that have levelFromUid=true
@@ -185,6 +179,9 @@
# Write to /proc/net/xt_qtaguid/ctrl file.
allow appdomain qtaguid_proc:file rw_file_perms;
+# Everybody can read the xt_qtaguid resource tracking misc dev.
+# So allow all apps to read from /dev/xt_qtaguid.
+allow appdomain qtaguid_device:chr_file r_file_perms;
# Use the Binder.
binder_use(appdomain)